DDoS mitigation

The recent spate of distributed denial of service (DDoS) attacks on Swiss organisations has highlighted the severe impact that such attacks can have on business, with many businesses reporting losses running into the millions.

DDoS attacks are nothing new. However, mitigation measures capable of absorbing attacks on the scale we have seen recently are expensive, and many firms do not have them in place. Even organisations with no business-critical online service are exposed, because a DDoS attack is often only a prelude to, or a distraction from, a more targeted intrusion. Organisations should therefore prepare in advance so that they can minimise the time needed to detect and respond to an attack.

Bear in mind the difference between the two terms. A DDoS attack is launched from many distributed sources, typically a botnet, which hides the true originator; a single-source DoS attack offers no such cover and tends to be a more blatant statement by someone prepared to reveal where the attack comes from. We use the term DDoS throughout because the protections work the same way for both. Either kind of attack is, sadly, incredibly cheap to generate and simple to launch.

What can you do?

Here are some strategies organisations can follow to protect themselves against DDoS attacks. The right combination of strategies will depend on the nature of your online business, and should start with a thorough assessment of the risks and the potential financial impact of attacks of various levels of intensity and duration.
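The detection side of that preparation can be rehearsed offline. The following example is added here and is not part of the original page: it parses web-server access-log lines in the common combined log format and raises two kinds of alert, a single client exceeding a per-client request limit within a window (the single-source DoS pattern) and a window whose total request count far exceeds a baseline while being spread across many clients (the distributed pattern, which per-client limits alone miss). The log lines are constructed for the demonstration, and the window size, per-client limit and baseline are assumed values that must be tuned against your own traffic.

```python
"""Sliding-window request-rate detection over web-server access logs.

Added example, not from the original page. The log lines are constructed
for the demonstration; window size, per-client limit and baseline are
assumed values that must be tuned against real traffic.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: only the client IP and the timestamp are needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'ts', 'status'} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "status": int(m.group("status")),
    }


def window_of(ts, window_s):
    """Floor a timestamp to the start of its fixed-size window (epoch seconds)."""
    epoch = int(ts.timestamp())
    return epoch - (epoch % window_s)


def detect(lines, window_s=10, per_ip_limit=20, baseline_total=50, surge_factor=5):
    """Scan log lines and return noisy clients and surge windows.

    noisy_ips:     clients that sent more than per_ip_limit requests in one window.
    surge_windows: (window_start, total_requests, distinct_clients) for windows whose
                   total exceeds surge_factor * baseline_total. A surge with a high
                   distinct-client count and no noisy client is the distributed case.
    """
    counts = defaultdict(Counter)  # window start -> Counter(client ip)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than aborting the scan
        counts[window_of(rec["ts"], window_s)][rec["ip"]] += 1

    noisy_ips = set()
    surge_windows = []
    for start, by_ip in sorted(counts.items()):
        total = sum(by_ip.values())
        if total > baseline_total * surge_factor:
            surge_windows.append((start, total, len(by_ip)))
        noisy_ips.update(ip for ip, n in by_ip.items() if n > per_ip_limit)
    return {"noisy_ips": sorted(noisy_ips), "surge_windows": surge_windows}


def constructed_log():
    """Constructed sample traffic (not real logs): three 10-second windows."""
    base = datetime(2015, 6, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512 "-" "curl/7.0"'

    lines = []
    # Window 1: ordinary traffic, three clients, four requests each.
    for i in range(4):
        for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            lines.append(line(ip, base + timedelta(seconds=i)))
    # Window 2: one client sending 40 requests (single-source DoS pattern).
    for i in range(40):
        lines.append(line("198.51.100.7", base + timedelta(seconds=10 + i % 10)))
    # Window 3: 150 distinct clients sending two requests each (distributed pattern).
    for k in range(150):
        for _ in range(2):
            lines.append(line(f"203.0.113.{k + 1}", base + timedelta(seconds=20 + k % 10)))
    return lines


if __name__ == "__main__":
    result = detect(constructed_log())
    print("noisy clients:", result["noisy_ips"])
    for start, total, distinct in result["surge_windows"]:
        print(f"surge at {datetime.fromtimestamp(start, timezone.utc)}: "
              f"{total} requests from {distinct} clients")
```

Run against the constructed log, the second window reports one noisy client and the third window reports a surge of 300 requests from 150 clients with no noisy client at all, which is exactly why a per-client limit by itself is not a DDoS detector. In production the same logic would be fed from a log shipper or a packet counter rather than a list, and the alert would trigger the response plan (upstream scrubbing, rate limiting, geo or ASN filtering) rather than just print.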

Cyber savvy: Securing operational technology assets

Business leaders who have security as part of their overall business strategy discussion are better positioned to balance the technologies, processes and resources needed to anticipate constantly evolving cyber risks.

The term ‘operational technology’ (OT) refers to the hardware and software used to control industrial processes and infrastructure, particularly in industries such as energy, mining, utilities, manufacturing and transport. A cyber-attack on an OT environment can have serious and wide-ranging consequences beyond financial losses, including prolonged outages of critical services, environmental damage and even the loss of human life.

There are highly skilled and motivated adversaries actively seeking to exploit security weaknesses in OT networks, process control systems and critical infrastructure. Their motivations range from economic benefit and espionage through to malicious disruption and destruction. While many operators in these sectors have recognised the need to increase focus and spending on the security of their corporate IT systems, this has not been matched for OT systems, leaving critical vulnerabilities unaddressed.

We have drawn on our experience conducting cyber security assessments and penetration tests across the globe to identify the 10 most common security flaws in OT networks.

The Swiss Reporting and Analysis Centre for Information Assurance (MELANI) highlights the importance of a cross-functional approach to combat cyber threats to operational technology and infrastructure: “The enumerated measures should be embedded in an overarching security process, ensuring that the measures are applied, regularly verified, and continuously improved. Moreover, it is important for operators of systems to know the current threat situation, to monitor that situation regularly, and to incorporate the insights into implementation and improvement of the security measures. For this purpose, close cooperation between risk management, engineering, and operations is of the utmost importance.”

Read the report:
Cyber Savvy securing operational technology assets December 2015

The 10 most likely ways your operational technology network will be compromised:



Attacks against Israeli & Palestinian interests

This short report details the techniques used in a series of attacks, mostly against Israel-based organisations. The decoy documents and filenames used in the attacks suggest the intended targets include organisations with political interests or influence in Israel and Palestine. Although we are unable to link this campaign to any already documented in open sources, it bears similarities to some described previously by others [1], [2].

The earliest samples in the campaign we have identified date back to the summer of 2014. The number of samples discovered and relatively small scale of infrastructure suggest the attackers have limited resources with which to conduct attacks.


Will VENOM’s strike poison your shared infrastructure?

The fangs of a newly-found security vulnerability in virtualization software were revealed by security researchers at CrowdStrike last week. Named “VENOM” and tracked as CVE-2015-3456, it lies in the virtual floppy disk controller (FDC) code that QEMU supplies to several hypervisors. Its announcement calls attention to a previously unrecognized risk that may impact millions of systems around the world, and it will disrupt normal business as IT organizations scramble to patch affected hosts.

VENOM stands for Virtualized Environment Neglected Operations Manipulation. It affects some, but not all, of the virtualization platforms in use within organizations and cloud service providers today: hypervisors that reuse QEMU’s device emulation (KVM, Xen, native QEMU and VirtualBox) are affected, while VMware, Hyper-V and Bochs are not. The weakness is a guest-to-host escape. An attacker with administrative access inside one virtual machine can send crafted commands to the emulated floppy controller, corrupt the memory of the host-side process that runs that VM, and potentially execute code on the hypervisor host. From there the attacker can reach the other virtual machines on the same physical server, jumping from one company’s environment into those of independent companies that just happen to share it.

This new vulnerability appears to be of a similar scale to the Heartbleed vulnerability discovered in OpenSSL last year; unlike Heartbleed, however, this issue has the potential to cross organizational and company boundaries, because the escape lands on infrastructure shared by multiple tenants. Two practical points for anyone running an affected platform: on these hypervisors the FDC is instantiated by default even when no floppy disk is configured for the guest, so removing the floppy from the guest definition is not a reliable mitigation; and because the vulnerable code runs in the host-side process of each VM, patching the host package is not enough on its own, and every guest must be restarted or live-migrated onto a patched host so that it runs under patched code. Most organizations use server virtualization in some form today. The use of “cloud” servers crested the 50% mark this last year and is expected to hit 86% adoption by 2016, according to CIO Insights.
